Gamaredon Abuses Telegram To Target Ukrainian Government Organizations
The Gamaredon APT group was discovered targeting Ukrainian government entities using the Telegram messaging service to avoid traditional network detection.
The Telegram messaging application was used in several stages, from victim profiling to delivering the final payload.
The initial infection vector was weaponized spear-phishing documents written in the Russian and Ukrainian languages.
The threat actor exploited a remote template injection vulnerability to compromise adversarial infrastructure with malware and bypass Microsoft Word macro protection.
After the malicious document was opened, the malware downloaded a Visual Basic script from a specific address which connected to a Telegram account to get additional instructions.
Featured Resources
Get Ready to Get MCPwned — Cymulate’s Elite CTF on Securing the Model Context Protocol
When AI agents meet the real world, every protocol becomes a potential attack vector. That’s the big idea behind MCPwned,
How a Retail Organization Became 12x Faster at Assessing Security Controls with Cymulate
Challenge This retail organization has a presence in 34 countries and over 5,800 stores. Its security team uses various controls
Ransomware Detection Techniques: A Smarter Approach to Staying Ahead of Attacks
Ransomware attacks continue to rise in both volume and sophistication, crippling organizations, exfiltrating sensitive data and costing billions annually in